Aug 05 2020 10:01 AM
Doing a project that has 77 CAPs.
Need to be able to sign them in in the most efficient way.
I tested one manually and the account has MFA required (Note, I am not the AD account control person). Intune is not available. Is disabling MFA on those accounts a good solution to get around MFA?
How can these be signed in:
1) One by one basis
2) All at once
Looking for any specific procedures that would be helpful. The simpler the better.
Aug 05 2020 12:00 PM
SolutionAug 05 2020 12:12 PM
Thanks. That's the article I have been looking at.
The front end of the process is easy and already completed. It is the signing in 77 CAP phones that is the tedious part.
So if they have MFA, each phone account will need a cell associated with it. 77 times.....
Doesn't sound like MFA is efficient for these.
Aug 05 2020 12:19 PM
Aug 05 2020 12:31 PM
Hi,
The most common for common area phones is that you with conditional access set so that the IP network you have the phones connected to does not require MFA. So when a account that you use for one these phones signs in from your network there will be no MFA request, but if someone steals the phone or get the account information and tries to sign in from another network they will get the MFA challenge (or actually not get it).
Running around and signing in Common Area Phones with MFA is not an option, some companies have requirement to sign in with MFA everyday. Not a fun task even for an intern. Also if the phone is in an common area not signed in so that you can't use it for emergency calling can be illegal in some countries.
Aug 05 2020 12:35 PM
Aug 05 2020 12:00 PM
Solution